Rule Library
Sigma Rules
2 rules found for "Jimmy Bayne"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection, medium, test
Binary Proxy Execution Via Dotnet-Trace.EXE
Detects commandline arguments for executing a child process via dotnet-trace.exe
Windows, Process Creation
TA0002 · Execution, TA0005 · Defense Evasion, T1218 · System Binary Proxy Execution
Jimmy Bayne, Tue Jan 02, windows
Detection, medium, test
Enabling COR Profiler Environment Variables
Detects .NET Framework CLR and .NET Core CLR "cor_enable_profiling" and "cor_profiler" variables being set and configured.
Windows, Registry Set
TA0003 · Persistence, TA0004 · Privilege Escalation, TA0005 · Defense Evasion, T1574.012 · COR_PROFILER
Jose Rodriguez +2, Thu Sep 10, windows